Security News

REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say
2021-10-22 17:01

There have been rumblings about REvil getting sucker-punched for a while: Last week, Flashpoint reported that on Oct. 17, a REvil operator announced that the ransomware group was shutting down its presence on the high-tier Russian language forum XSS after their domain had been "Hijacked." "The REvil operation stated that the REvil domain was accessed using Unknown's keys, confirming their concerns that a third-party has backups with their service keys," according to Flashpoint's writeup.

Acer servers cracked in India and Taiwan – including systems with customer data
2021-10-20 04:45

Taiwanese PC maker Acer has not only admitted servers it operates in India and and Taiwan were compromised but that only those systems in India contained customer data. The miscreants who claimed to be behind the network breaches boasted they stole gigabytes of information from the servers, and suggested other Acer operations around the world are also vulnerable to information theft.

Canonical launches Ubuntu 21.10 for desktop and server
2021-10-15 07:58

The latest version of the world's most popular Linux distribution, Ubuntu 21.10, codenamed 'Impish Indy', has landed on Canonical's download channels. The 'Server' edition of Ubuntu 21.10 comes with 'needrestart' enabled by default, includes certified NVIDIA GPU drivers, and offers a 'minimal' installation option to accommodate IoT or container installations.

Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration
2021-10-07 00:55

Interactive livestreaming platform Twitch acknowledged a "Breach" after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools. The Amazon-owned service said it's "Working with urgency to understand the extent of this," adding the data was exposed "Due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party."

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now!
2021-10-06 22:31

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source project maintainers noted in an advisory published Tuesday.

VMware ESXi Servers Encrypted by Lightning-Fast Python Script
2021-10-06 20:34

Researchers have discovered a new Python ransomware from an unnamed gang that's striking ESXi servers and virtual machines with what they called "Sniper-like" speed. While the choice of Python for the ransomware is fairly distinctive, going after ESXi servers is anything but.

Apache web server zero-day bug is easy to exploit – patch now!
2021-10-06 18:29

The venerable Apache web server has just been updated to fix a dangerous remote code execution bug. This bug is already both widely-known and trivial to exploit, with examples now circulating freely on Twitter, and a single, innocent-looking web request aimed at your server could be enough for an attacker to take it over completely.

Running a recent Apache web server version? You probably need to patch it. Now
2021-10-06 16:28

The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited. Apache's HTTP Server is widely used, and the vulnerabilities, CVE-2021-41524 and CVE-2021-41773, aren't great.

Running an Apache web server? You probably need to patch it. Now
2021-10-06 16:28

Unless you want to leak like a sieve The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited.…

Apache Web Server Zero-Day Exposes Sensitive Data
2021-10-05 20:01

Apache Software has quickly issued a fix for a zero-day security bug in the Apache HTTP Server, which was first reported to the project last week. Path traversal issues allow unauthorized people to access files on a web server, by tricking either the web server or the web application running on it into returning files that exist outside of the web root folder.